Trust and Security with Google Cloud
Drill 20 practice questions focused entirely on Trust and Security with Google Cloud for the Google Cloud CDL exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A financial services company is moving sensitive workloads to Google Cloud. Their compliance team wants a way to see near-real-time logs whenever a Google support or engineering employee accesses their content, including the reason for that access, so they can independently verify that provider staff are not viewing data without justification. Which Google Cloud capability directly meets this requirement?
A financial services company discovers that an attacker altered several transaction records in a database without authorization. Leadership asks which principle of the CIA triad was violated in this incident. Which principle was primarily compromised?
A financial services company must comply with an internal policy requiring that the organization retain full control over the lifecycle of the encryption keys protecting its data in Google Cloud, including the ability to rotate, disable, and revoke keys on its own schedule. They are comfortable with Google storing the keys but insist on managing them directly. Which encryption option best meets this requirement?
A healthcare company is preparing for an internal audit and must demonstrate that Google Cloud complies with recognized industry standards such as ISO 27001, SOC 2, and HIPAA. A compliance officer asks where they can obtain Google's third-party audit reports and certifications on demand, without contacting sales. Which Google Cloud resource should they use?
A healthcare organization stores patient medical records in Google Cloud. During a security review, the compliance team wants to ensure that even if an unauthorized party gains access to the underlying storage media, the patient data cannot be read. Which principle of the CIA triad is this control primarily addressing?
A financial services company is designing its cloud security posture. The security architect wants to ensure that if one control fails—such as a misconfigured firewall rule—additional independent safeguards (such as IAM restrictions, encryption, and monitoring) still protect sensitive customer data. Which security concept best describes this approach?
A healthcare company is evaluating Google Cloud for storing patient records. Their compliance team asks what protects the stored data if someone were to gain physical access to the underlying storage media in a Google data center. Which Google Cloud security feature addresses this specific concern by default, without any configuration by the customer?
A healthcare company is moving patient records to Google Cloud. Their security team is specifically worried about an attacker intercepting and reading data as it travels across the network between their application and Google Cloud APIs. Which Google Cloud security capability directly addresses this concern?
A retail company runs a public-facing web application on Google Cloud behind an external HTTP(S) load balancer. During a major sale event, the security team notices a large volume of malicious traffic attempting to overwhelm the site with a distributed denial-of-service (DDoS) attack, along with SQL injection attempts. Which Google Cloud service should the team use to protect the application at the network edge?
A financial services company must be able to answer the question 'who did what, where, and when' across their Google Cloud environment for internal investigations and regulatory reporting. The security team needs a record of administrative actions such as changes to IAM policies and the creation or deletion of resources. Which Google Cloud capability should they rely on to meet this requirement?
An online retailer runs its storefront on Google Cloud. During a recent regional service disruption, customers were unable to complete purchases, resulting in lost revenue. The security team is reviewing the incident against the CIA triad. Which principle of the CIA triad was most directly compromised in this situation?
A healthcare organization is evaluating Google Cloud and wants to verify that Google's infrastructure meets recognized security and privacy standards before storing sensitive data. Their compliance officer asks how they can independently confirm that Google's controls have been validated by a neutral party. What should you tell them?
A European healthcare provider is moving patient records to Google Cloud. Regulations require that this data physically remains stored within the European Union, and the compliance team wants assurance that Google will not move the stored data outside that boundary. Which Google Cloud capability directly addresses this requirement?
A company runs several Compute Engine VMs in a VPC network. The security team wants to ensure that only specific inbound traffic (for example, HTTPS from a known load balancer range) is allowed to reach these VMs, while all other inbound connections are blocked at the network layer. Which Google Cloud capability should they use to enforce this control?
A security team at a healthcare company is struggling to get a unified view of vulnerabilities, misconfigurations, and threats across dozens of Google Cloud projects. They currently check each project manually and often miss publicly exposed storage buckets and overly permissive firewall rules. Which Google Cloud service is designed to give them centralized visibility into their security posture and surface these risks automatically?
A healthcare organization is evaluating Google Cloud but is concerned about being able to independently verify that Google's cloud services actually meet the specific regulatory requirements (such as HIPAA) their industry demands. They want objective, independent assurance rather than relying solely on Google's own claims. Which Google Cloud trust and transparency capability best addresses this concern?
A financial services company is evaluating Google Cloud and is concerned about being left alone to figure out secure configurations after migration. Their CISO asks how Google Cloud's security model differs from a traditional 'shared responsibility' arrangement where the provider simply defines a boundary and hands off everything above it to the customer. Which Google Cloud trust principle best addresses this concern?
A retail company is evaluating Google Cloud and asks who is responsible for security once they move workloads to the cloud. Their CISO wants to understand the guiding principle that defines how security duties are divided between the company and Google. Which concept should you explain to the CISO?
A security architect at a healthcare company is reviewing how Google Cloud protects stored data by default. She wants to understand how Google manages the large number of encryption keys needed to protect data at rest across its infrastructure without manual overhead. Which approach does Google Cloud use to efficiently manage these encryption keys at scale?
A financial services company already uses Google Cloud's default encryption but now needs to create, rotate, and manage its own encryption keys from a centralized location to meet an internal governance policy. Which Google Cloud service should the team use to store and manage these cryptographic keys?
More CDL practice
Keep going with the other Cloud Digital Leader domains, or take a full timed mock exam.
← Back to CDL overview